A Review of the Best News of the Week on AI, IoT, & Mobile Security
Hacker Releases First Public Jailbreak for Up-to-Date iPhones in Years (VICE, Aug 19 2019)
Apple accidentally unpatched a vulnerability it had already fixed, making current versions of iOS vulnerable to hackers.
Android users menaced by pre-installed malware (Naked Security, Aug 19 2019)
Google Project Zero researcher Maddie Stone has found a new and concerning route for malware to find its way on to Android devices – malicious apps that have been factory pre-installed.
Delta sues AI vendor over 2017 breach exposing info on 825K (SC Magazine, Aug 19 2019)
After information on 825,000 Delta Airlines customers was exposed and potentially stolen by at least one hacker in 2017, the airline has filed suit against chatbot vendor 7.ai, claiming poor security led to the breach.
One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Microsoft won’t shift on AI recordings policy (Naked Security – Sophos, Aug 16 2019)
Microsoft may have been caught red-handed letting contractors listen to sensitive conversations with its AI, but that doesn’t mean it’s going to stop.
AI: Artificial Ignorance (WeLiveSecurity, Aug 16 2019)
Does true Artificial Intelligence even exist yet? Will it ever exist or will it end the world before we reach its full capacity?
This Program Makes It Even Easier to Make Deepfakes (VICE, Aug 19 2019)
Unlike previous deepfake methods, FSGAN can generate face swaps in real time, with zero training.
AI vs. AI: Cybersecurity battle royale (Help Net Security, Aug 15 2019)
As malicious AI evolves, it will continue to gain knowledge, carefully select its targets and inflict damage in a manner that will outsmart its human counterparts, with enormous difficulty in finding the person to blame and prosecute. This makes it more crucial than ever to develop and implement solutions that can combat malicious AI, in a totally different manner by detecting its vulnerabilities and outsmarting the technology.
This Hacker Made Clothes That Can Confuse Automatic License Plate Readers (VICE, Aug 15 2019)
Designer Kate Rose presented her “adversarial fashion” line of clothing, which introduces garbage data into license plate reader systems, at DEF CON 27.
Researchers were able to detect what is typed using just a smartphone (Help Net Security, Aug 19 2019)
a new study from SMU (Southern Methodist University) suggests that it’s possible to access your information in a much subtler way: by using a nearby smartphone to intercept the sound of your typing.
AT&T and T-Mobile fight Caller ID spoofing with number verification system (Ars Technica, Aug 14 2019)
Carriers verify Caller ID for calls made between their two networks.
Apple’s New Bug Bounty Is a ‘Historical Moment’ For the iPhone’s Security (VICE, Aug 14 2019)
Apple expanded the scope of its bug bounty, increased payouts, and promised special devices to a select group of researchers. For jailbreakers and hackers, there’s never been a better time to pwn the iPhone.
This Counterfeit iPhone Is Riddled With Backdoors and Malware (VICE, Aug 14 2019)
Fake devices look real but are rife with unpatched operated systems, outdated kernels, and a universe of dodgy backdoors and malware, researchers have found.
Trojanized apps containing ad fraud malware downloaded 102M times (SC Magazine, Aug 15 2019)
Two related ad fraud malware programs have been downloaded roughly 102 million times from the Google Play store, according to researchers.
Google Offers Password-Free Android Access to its Services (Infosecurity Magazine, Aug 19 2019)
Support for FIDO2 in Android allows users to log into some Google services with a fingerprint.
U.S. renews temporary license allowing companies to sell to Huawei, adds 45 to blacklist (SC Magazine, Aug 19 2019)
The Commerce Department Tuesday renewed a temporary license that allows U.S. companies to sell their products to Huawei but blacklisted exporting products to 45 companies associated with the Chinese technology firm. Commerce Secretary Wilbur Ross justified the 90-day renewal in a release, saying that “more time is necessary to prevent any disruption.”
Mobile Device Security for Blue Collar Workers (SC Magazine, Aug 20 2019)
From blue-collar to new-collar When we picture the typical technology worker, many of us naturally think of an office worker who spends most of their day chained to a desk, sitting in a home office or getting WiFi at a Starbucks. But that view of the tech worker is increasingly too limited.